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DETAILED ACTION 

1 . This action is responsive to communication: filed on 29 June 2005, the original 
application was filed on 31 July 2000. 

2. Claims 1-26 are currently pending in this application. Claims 1,12, and 22 are 
independent claims. 

Claim Rejections -35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

4. Claims 1-5, 7, 9, 11-17, 26 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Alonso et al. U.S. Patent No. 6,434,700 (hereinafter '700) in further view of Jackson, 
Trevor European Patent Application No. 091 1738 (hereinafter '738). 

As to independent claim 1, "A computer network comprising a plurality of 
interconnected network devices including: (a) a plurality of client computers; (b) an 
authentication server computer operated by a system administrator; and (c) a disk drive 
connected to the authentication server computer; the disk drive comprising: an interface 
for receiving personal authentication data and user access data from the system 
administrator" is taught in '700 col. 5, line 62 through col. 6, line 29 "Upon receiving the 
request, the network access server sends the user access information to a centralized server, 
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such as an Access Control Server ("ACS") ... The ACS determines who may access the 
network what services they are authorized to use, and to whom the provides Authorization, 
y\uthentication, and Accounting ("AAA") functions for a managed network ... Each of the 
network devices can be configured to communicate with the ACS"; 

^^a disk for storing data" is shown in '700 col. 2, lines 6-7 and col. 6, 
lines 16-19 "Generally, a Fortezza security system includes a Fortezza Crypto card that stores 
unique encrypted information" and 'The ACS integrates and supports various authentication 
and authorization technologies, including token cards, and Fortezza security systems"; 
the following is not taught in '700: 

"a disk controller for controlling access to the disk; an authenticator, responsive to 
the personal authentication data, for enabling the disk controller" however '738 teaches 
''Accordingly, the present invention provides an improved disk drive having: at least one hard 
disk; drive control means for controlling operation of the drive; and read/write means for 
reading data from, and writing data onto, said at least one hard disk; wherein the improvement 
comprises the provision of encryption/decryption means, connected to said read/write means, 
for encrypting data to be written onto, and decrypting data to be read from, said at least one 
hard disk; said drive control means including permanent security control means formed and 
arranged for restricting read/write access to said at least one hard disk via said 
encryption/decryption means, for at least the data content of data files to be written thereto or 
read therefrom, and password-dependent security control means formed and arranged for 
receiving user input password data, comparing said user input password data with 
predetermined password data stored in said password-dependent security control means, and for 
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activation of said encryption/decryption means only in response to receipt of a valid password, 
Avhereby read/write access to said at least one hard disk, in relation to at least the data content of 
data files, is restricted to holders of a valid password" in col. 2, lines 17-39; 

"ciyptographic circuitry for encrypting the user access data received from the 
system administrator into encrypted data stored on the disk" however '738 teaches 
'"Preferably, the encryption/decryption means is provided in integrated circuitry in the disk 
drive" in col. 2, lines 47-67. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify an authorization access server taught in '700 to include an improved disk drive. One 
of ordinary skill in the art would have been motivated to perform such a modification because 
their exists a need for protecting data stored on computer systems see '738 (col. 1, lines 9 et 
seq.) ''The need for protecting data stored on computer systems is a wide-ranging issue. 
Computer hackers, destruction of data by viruses, loss of computer equipment and the theft of 
data are commonplace. The nature of data stored in computer files can be such that its loss or 
disclosure can be financially, poUtically or personally damaging. Consequently there have been 
many data protection systems proposed which address these issues, many of these involving 
some form of data encryption". 

As to dependent claim 2, "wherein the user access data comprises a plurality of user 
identifiers and corresponding access rights to the plurality of network devices" is disclosed 
in '700 col. 6, lines 16-29. 
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As to dependent claim 3, "The computer network as recited in claim 2, wherein the 
user access data further comprises user authentication data" is shown in '700 col. 6, lines 
16-29, 

As to dependent claim 4, "The computer network as recited in claim 3, wherein the 
user authentication data comprises a user password" is taught in '738 col. 2, lines 17-39. 

As to dependent claim 5, this claim contains texts that contain substantially similar 
limitations as cited in claim 4 and are rejected along the same rationale. 

As to dependent claim 7, "The computer network as recited in claim 2, wherein: (a) 
the disk stores encrypted device access data associated with the network devices; and (b) 
tlie device access data for use in authenticating device access requests transmitted from 
client computers to the network devices" is taught in '700 col. 8 line 55 - col. 9 line 23 "FIG. 
3 is a flow diagram of one embodiment of a method for allowing users of Fortezza passwords to 
use computer networks supporting a variety of authentication and authorization technologies. 
FIG. 3 will be explained with reference to the components in FIG. 2. However, the method of 
FIG. 3 may be implemented with any other arrangement of hardware and software elements that 
may carry out the functions needed in the method of FIG. 3. Thus, the method of FIG. 3 is not 
intended to be limited to the context of FIG. 2. At block 300 of FIG. 3, chent 102 establishes a 
connection 1 16 with the network access server 104. For example, user 106 associated with client 
1 02 causes the client 1 02 to dial in and send user access information to the network access server 
104. The user access information typically contains a username and password. The password 
can be a fixed password or an OTP type password obtained through the use of a Smart card or 
Token card, depending on the level of authentication. The password type can also be a Fortezza 
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password which is a unique hash value produced by a Fortezza Crypto card 107a and Fortezza 
card reader 107b. The more authorization privileges a user receives, the stronger the 
authentication would be. At block 302, the network access server 104 receives user access 
information from client 102. In system 200, the communications fijnction of accessing the 
network, and the structure that supports this Sanction, are separated from the security functions 
and the structure that carries them out. Hence, at block 304, the network access server 104 
passes the user access information to the Access Control Server 202. The network access server 
104 controls modems and ports that are used to connect to network 108, but does not examine 
the type of password contained in the user access information. It simply forwards the user access 
information to the Access Control Server 202 which is a point of centralized control of network 
access and the provision security services". 

As to dependent claim 9, "The computer network as recited in claim 7, wherein: (a) 
the interface receives unencrypted device access data; and (b) the cryptographic circuitry 
encrypts the unenciypted device access data into the encrypted device access data stored 

on the disk" is disclosed in '738 col. 4, lines 7-18 Advantageously, the permanent security 
control means is adapted to restrict read/write access to the disk or disks by causing all data to 
be written to, and all data to be read from, the disk(s) to be routed through the 
encryption/decryption means. Alternatively the permanent security control means may only 
cause some data to be routed through the encryption/decryption means, for example only the 
(lata content of data files and not the address content of said data files. In its activated state, the 
encryption/decryption means advantageously encrypts all data routed there through from the 
permanent security control means. The encrypted data from the encryption/decryption means is 
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then written onto the disk(s) via the read/write means. The activated encryption/decryption 
means also decrypts all encrypted data read from said disk(s) by the read write means" 

As to dependent claim 11, "The computer network as recited in claim 7, wherein the 
enciypted device access data is transmitted from the network devices to the disk drive" is 
taught in '738 coL 4, lines 7-18. 

As to independent claim 12, "A computer network comprising a plurality of 
interconnected network devices including: (a) a plurality of client computers; (b) an 
autlicntication sci*ver computer; and (c) a disk drive connected to the authentication server 
computer, the disk drive comprising: an interface for receiving from a client computer a 
user ID and a user access request to access a network device, and for transmitting device 
access data to the client computer" and "wherein the disk controller uses the deciypted 
data to generate the device access data transmitted to the client computer" is taught in '700 
col. 5, line 62 - col 6, line 29; 

"a disk for storing encrypted data, a disk controller" is shown in '700 coL 2, lines 6-7 
and go). 6, lines 16-19; 
the following is not taught in '700: 

"responsive to the user ID and user access request, for controlling access to the disk; 
and cryptographic circuitry for decrypting the encrypted data stored on the disk to 
generate decrypted data" however '738 "Accordingly, the present invention provides an 
improved disk drive having: at least one hard disk; drive control means for controlling operation 
of the drive; and read/write means for reading data from, and writing data onto, said at least one 
hard disk ..." in col. 2, lines 17-39. 
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As to dependent claim 13, "The computer network as recited in claim 12, wherein: 
(a) the encr} pted data comprises encrypted user authentication data corresponding to the 
user ID; and (b) the cryptographic circuitry decrypts the encrypted user authentication 
data to generate decrypted user authentication data" is shown in '738 col. 4, lines 7-18 

As to dependent claim 14, "The computer network as recited in claim 13, wherein 
(he decrypted user authentication data comprises a user password" is taught in '738 col. 2, 
lines 17-39. 

As to dependent claim 15, "wherein the ciyptographic circuitry encrypts the device 
access data before transmission to the client computer" is shown in '738 col. 4, lines 7-18. 

As to dependent claim 16, "(a) the cryptographic circuitry encrypts the device 
access data before transmission to the client computer; and (b) the cryptographic circuitry 
encrypts (he device access data using a cryptographic user key extracted from the 
deciypted user authentication data" is taught in '738 col. 4, lines 43-67 "The discrete security 
key device may conveniently comprise a portable key card which contains user input password 
data for inputting to the password-dependent security control means of the drive, via the security 
key interface device provided as part of the data access security control system. The security key 
interface device may be provided in the disk drive itself or may, alternatively, be provided in a 
host computer in which the drive is installed. Thus, said security key interface may comprise a 
part of, or may alternatively be formed and arranged for electrical connection to, the password- 
dependent security control means of the drive. The portable key card may include a TROM 
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(Touch Read Only Memory) for contacting an input/output port of the security key interface 

device, said TROM containing said user input password data". 

As to dependent claim 17, " The computer network as recited in claim 16, wherein 
the cryptographic user key is generated by the cryptographic circuitry using the 
decrypted user authentication data'' is shown in '738 col. 4, lines 43-67. 
6. CInims 6, 8, 10, and 18-21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over '700 and '738 as applied to claims 1 and 12 in ftjrther view of DeTreville U.S. Patent No. 
6,609,199 (hereinafter '199). 

As to dependent claim 6, the following is not taught in '700 and '738 "wherein: (a) the 
ci7ptographic circuitry comprises an immutable secret drive key configured during 
manufacture of the disk drive; and (b) the secret drive key for use in encrypting the user 
access data" however '199 teaches "Computers 102 and 104 include access ports 1 12 and 1 14, 
respectively. Access ports 1 12 and 1 14 allow a portable integrated circuit (IC) device, such as 
device 1 16, to be communicably coupled to computers 102 and 104 (e.g., device 116 may be 
inserted into ports 112 and 1 14). This coupling can be accomphshed in any of a variety of 
conventional manners" and "The CPU manufacturer equips the CPU 134 with a pair of public 
and private keys 150 that is unique to the CPU. For discussion purposes, the CPU's public key 
is referred to as "K. sub. CPU " and the corresponding private key is referred to as 
"K.sub.CPU.sup.-l ". Other physical implementations may include storing the key on an 
external device to which the main CPU has privileged access (where the stored secrets are 
inaccessible to arbitrary application or operating system code)" in col. 4 Hnes 7-9 and col. 5 
lines 54-60. 
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It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify an authorization access server with a disk drive for controlling access to the contents 
stored in the drive taught in '700 and '738 to include a secret device key. One of ordinary skill 
in the art would have been motivated to perform such a modification because secret device key 
put m place by a manufacturer is well known in the art to maintain security see '199 (col. 2, hnes 
27 et seq.) "The invention addresses these disadvantages, providing an improved way to 
maintain the security of private information on a portable IC device". 

As to dependent claim 8, "wherein the encrypted device access data comprises an 
enciypted secret device key shared with a corresponding network device" is taught in '199 
col. 5 lines 54-60 "The CPU manufacturer equips the CPU 134 with a pair of public and private 
keys 1 50 that is unique to the CPU. For discussion purposes, the CPU's public key is referred to 
as "K. sub. CPU. sup- r\ Other physical implementations may include storing the key on an 
external device to which the main CPU has privileged access (where the stored secrets are 
inaccessible to arbitrary application or operating system code)". 

As to dependent claim 10, "wherein the encrypted device access data is stored on the 
disk during nuinufacture of the disk drive" is taught in '199 col. 5 lines 54-60 "The CPU 
manufacturer equips the CPU 134 with a pair of public and private keys 150 that is unique to the 
CPU. For discussion purposes, the CPU's public key is referred to as "K.sub.CPU.sup-l". Other 
pliysical implementations may include storing the key on an external device to which the main 
CPU has privileged access (where the stored secrets are inaccessible to arbitrary application or 
operating system code)". 
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As to dependent claim 18, "wherein the cryptographic user key is a public key for 
use in a public key encryption algorithm" is shown in '199 col. 5 lines 54-60 "The CPU 
manufacturer equips the CPU 134 with a pair of public and private keys 150 that is unique to the 
CPU". 

As to dependent claim 19, "wherein: (a) the cryptographic circuitry encrypts the 
device access data using a secret device key shared with the network device; and (b) the 
secret device key is used by the network device to authenticate device access 
requests received from client computers" is shown in '199 col. 5 hnes 54-60 "The CPU 
manufacturer equips the CPU 134 with a pair of public and private keys 150 that is unique to the 
CPU". 

As to dependent claim 20, "The computer network as recited in claim 19, wherein 
the secret device key shared with the network device is stored in enciypted form on the 
disk is shown in '700 col. 2, Unes 6-7 and col. 6, lines 16-19 "Generally, a Fortezza security 
system includes a Fortezza Crypto card that stores unique encrypted information, and which 
executes encryption algorithms to produce a scrambled one-time password ("OTP"). The card 
is a self-contained hardware system" and "The ACS integrates and supports various 
authentication and authorization technologies, including token cards, and Fortezza security 
systems"; 

"and dcciypted by the cryptography circuitry" is shown in '738 col. 4, hnes 19-26. 

As to dependent claim 21, "The computer network as recited in claim 12, wherein: 
(c) the cryptographic circuitry comprises an immutable secret drive key configured during 
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manufacture of the disk drive; and (d) the secret drive key for use in decrypting the 
encrypted data stored on the disk" is shown in '199 col. 5 lines 54-60 "The CPU manufacturer 
equips the CPU 134 with a pair of public and private keys 150 that is unique to the CPU. For 
discussion purposes, the CPU's public key is referred to as "K.sub.CPU " and the corresponding 
private key is referred to as "K.sub.CPU.sup.-l". Other physical implementations may include 
storing the key on an external device to which the main CPU has privileged access (where the 
stored secrets are inaccessible" to arbitrary application or operating system code)". 
7. Chums 22-26 are rejected under 35 U.S.C. 103(a) as being unpatentable over '700 and 
'738 in ftirther view oV]99. 

As to independent claim 22, "A computer network comprising a plurality of 
interconnected network devices including: (a) a plurality of client computers; (b) an 
autlientication sei-ver; and (c) a disk drive comprising: an interface for receiving an 
encrypted device access request and for inputting/outputting user data from/to a client 
computer; a disk for storing data; " is taught in '700 col. 5, line 64 - col. 6, Une 29 "the 
network access server sends the user access information to a centralized server, such as an 
Access Control Server ("ACS"). The ACS provides a central point of control for the 
management of multiple security services, and network devices" 

''a disk controller for controlling access to the disk; an internal drive key;" and "an 
authenticator, responsive to the decrypted secret device key, for authenticating the device 
access request" is shown in '738 col. 2, Unes 17-39 "Accordingly, the present invention 
provides an improved disk drive having: at least one hard disk; drive control means for 
controlling operation of the drive; and read/write means for reading data from, and writing data 
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onto, said at least one hard disk; wherein the improvement comprises the provision of 
encryption/decryption means, connected to said read/write means, for encrypting data to be 
written onto, and decrypting data to be read from, said at least one hard disk; said drive control 
means including permanent security control means formed and arranged for restricting read/write 
access to said at least one hard disk via said encryption/decryption means, for at least the data 
content of data files to be written thereto or read therefrom, and password-dependent security 
control means formed and arranged for receiving user input password data"; 
the following is not taught in '700 and '738: 

"a secret device key shared with the authentication server, the secret device key 
stored in enciypted form; cryptographic circuitry, responsive to the internal drive key, for 
decrypting the encrypted secret device key to generate a decrypted secret device key" 
however ' 199 teaches "Computers 102 and 104 include access ports 1 12 and 1 14, respectively. 
Access ports 1 12 and 1 14 allow a portable integrated circuit (IC) device, such as device 1 16, to 
be communicably coupled to computers 102 and 104 (e.g., device 116 may be inserted into 
ports 112 and 1 14). This coupling can be accompUshed in any of a variety of conventional 
manners" and 'The CPU manufacturer equips the CPU 134 with a pair of public and private 
keys 1 50 that is unique to the CPU. For discussion purposes, the CPU's public key is referred to 
as "K.sub.CPU " and the coaesponding private key is referred to as "K.sub.CPU.sup.-l ". 
Other physical implementations may include storing the key on an external device to which the 
main CPU has privileged access (where the stored secrets are inaccessible to arbitrary 
application or operating system code)" in col. 4 lines 7-9 and col. 5 lines 54-60. 
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It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify an with a disk drive for controlling access to the contents stored in the drive taught in 
'700 and '738 to include a secret device key. One of ordinary skill in the art would have been 
motivated to perform such a modification because secret device key put in place by a 
manufacturer is well known in the art to maintain security see '199 (col. 2, Unes 27 et seq.) "The 
invention addresses these disadvantages, providing an improved way to maintain the security of 
private information on a portable IC device". 

As to dependent claim 23, "The computer network as recited in claim 22, wherein 
the enciypted secret device key stored on the disk" is taught in ' 199 col. 5 lines 54-60 "The 
CPU manufacturer equips the CPU 134 with a pair of public and private keys 150 that is unique 
to the CPU. For discussion purposes, the CPU's public key is referred to as "K. sub. CPU " and 
the corresponding private key is referred to as "K.sub.CPU.sup.-l ". Other physical 
implementations may include storing the key on an external device to which the main CPU has 
privileged access (where the stored secrets are inaccessible to arbitrary application or operating 
system code)" 

As to dependent claim 24, "The computer network as recited in claim 22, wherein 
the encrypted secret device key is configured during manufacture of the disk drive" is 

shown in '199 col. 5 lines 54-60 "The CPU manufacturer equips the CPU 134 with a pair of 
public and private keys 150 that is unique to the CPU. 

As to dependent claim 25, "The computer network as recited in claim 22, wherein 
the disk drive transmits the encrypted secret device key to the authentication server" is 

taught in '700 col. 9, lines 9-19 "the network access server 104 receives user access information 
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from client 102, In system 200, the communications function of accessing the network, and the 
structure that supports this function, are separated from the security functions". 

As to dependent claim 26, "The computer network as recited in claim 22, wherein 
the internal drive key comprises tamper-resistant circuitry" is taught in '199 col. 6, lines 
62-64 "Alternatively, the CPU 134 can store the boot log 158 in volatile memory 138 in a 
cryptographic tamper-resistant container". 
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